From patchwork Thu Dec 10 03:50:35 2020
X-Patchwork-Submitter: DJ Delorie
X-Patchwork-Id: 1413830
Date: Wed, 09 Dec 2020 22:50:35 -0500
To: libc-alpha@sourceware.org
Subject: nsswitch: handle missing actions properly
From: DJ Delorie

RCA: the __nss_database_get return value is nonzero on ERROR, not on MISSING. A separate check for MISSING is needed. This only really affects initgroups, since it has a fallback, so needs to know if initgroups is missing from nsswitch.conf.

Note: it's now possible to have a line in nsswitch.conf like this:

  initgroups:

That is *not* MISSING but has an empty module list. If this is undesired behavior, a further "&& nip->module" is needed.

The nss_database.c patch ensures an empty module list for an empty nsswitch.conf list, instead of

See also https://bugzilla.redhat.com/show_bug.cgi?id=1906066

Actual proposed commit follows:

-----

Some internal functions need to know if a database has a nonzero list of actions; success getting the database does not guarantee that. Add checks for such as needed.

Skip the ":" in each nsswitch.conf line so as not to add a dummy action libnss_:.so

diff --git a/grp/initgroups.c b/grp/initgroups.c index a60ca1c395..a0a836d862 100644 --- a/grp/initgroups.c +++ b/grp/initgroups.c @@ -72,11 +72,13 @@ internal_getgrouplist (const char *user, gid_t group, long int *size, nss_action_list nip; - if (__nss_database_get (nss_database_initgroups, &nip)) + if (__nss_database_get (nss_database_initgroups, &nip) + && nip != NULL) { use_initgroups_entry = true; } - else if (__nss_database_get (nss_database_group, &nip)) + else if (__nss_database_get (nss_database_group, &nip) + && nip != NULL) { use_initgroups_entry = false; } diff --git a/nss/nss_database.c b/nss/nss_database.c index e8c307d1f3..a036e95fbf 100644 --- a/nss/nss_database.c +++ b/nss/nss_database.c 
@@ -212,7 +212,8 @@ process_line (struct nss_database_data *data, char *line) if (line[0] == '\0' || name == line) /* Syntax error. Skip this line. */ return true; - *line++ = '\0'; + while (line[0] != '\0' && (isspace (line[0]) || line[0] == ':')) + *line++ = '\0'; int db = name_to_database_index (name); if (db < 0) diff --git a/nss/nsswitch.c b/nss/nsswitch.c index 40109c744d..921062e04f 100644 --- a/nss/nsswitch.c +++ b/nss/nsswitch.c @@ -81,7 +81,7 @@ __nss_database_lookup2 (const char *database, const char *alternate_name, if (database_names[database_id] == NULL) return -1; - if (__nss_database_get (database_id, ni)) + if (__nss_database_get (database_id, ni) && *ni) { /* Success. */ return 0;
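
Review bot: in the grp/initgroups.c hunk, the added `&& nip != NULL` in internal_getgrouplist only catches a database that is absent from nsswitch.conf; by the cover note's own account a bare `initgroups:` line yields a non-NULL list with no modules, so use_initgroups_entry is still set to true and the `else if` fallback to nss_database_group is never tried. Either add the `&& nip->module` test the note mentions, or add a comment stating that an empty initgroups list is deliberately honoured. The patch touches only the three .c files, so a test covering both the missing and the empty line would be worth adding with it.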
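
Review bot: in the nss/nss_database.c hunk, the new `while` loop in process_line consumes any run of whitespace and colons, so lines such as `passwd:: files` or `passwd : : files` are now accepted silently, although the commit message only speaks of skipping the ":". The loop also terminates `name` only when the character at `line` is whitespace or ':', where the removed unconditional `*line++ = '\0'` always did; if the scan above can stop on any other character, `name` is left unterminated. Consider keeping the unconditional store, then skipping whitespace, at most one ':', and whitespace again, and treating a second ':' as the syntax error the check just above already handles.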
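
Review bot: in the nss/nsswitch.c hunk, `&& *ni` in __nss_database_lookup2 tests the pointer implicitly, while the same check in grp/initgroups.c is spelled `nip != NULL`; write `*ni != NULL` here so both call sites read the same. The `/* Success. */` comment now applies only when the database is present and has an action list, so a short comment on what the fall-through path does for a database that was read successfully but has no actions would make the intent clear to the next reader.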